Media sites brace for hacktivist attacks

Traditional news companies and other websites covering this year's presidential election are preparing for a flood of web traffic over the coming months, and not just from political junkies. Politically motivated hacktivist attacks have become a top concern among companies providing election coverage online.

Bill Wheaton, senior vice president and general manager of Akamai's media division, says the 2012 election could generate roughly four-to-five times as much web traffic as it did in 2008. At peak hours, he estimates that as many as 4 million people could be streaming coverage of the election simultaneously, as a result of the increase in devices and social networks facilitating access to streamed content.

"If you look at the coverage that the cable news networks are going to be providing online, they're going to allow you to cut to a lot of live feeds for different types of debates, and events and speeches and so on, much more than they could ever put on television," Wheaton says. "So the amount of content that they're going to make available is going to go up exponentially."

Naturally, news companies and other websites providing live streaming of election-related events have a lot on the line this year. As a content delivery network, Akamai works directly with such news sites as CNN, Fox News, and Turner Broadcasting to ensure their web broadcasts aren't interrupted. Coverage of this year's election has made for the first instance in which content providers are expressing concerns about hacktivists launching distributed denial-of-service attacks, Wheaton says.

"They're looking out for all sorts of hackers," Wheaton says. "As you've seen, the activists move online in a much more aggressive way, and so news organizations have been attacked, as have presidential candidates. And obviously governmental sites have been attacked and that's been in the news quite a bit."

Indeed, hacktivist targets of the past have included CNN's website, Fox News political correspondent Bill O'Reilly, and even the websites of the Department of Justice and the FBI. Through the first half of 2012, distributed DoS attacks increased 70% compared to the same period in 2011, according to research that website defense provider Prolexic provided to USA Today last month. A separate survey of ISPs released by Arbor Networks earlier this year concluded that "ideologically motivated 'hacktivism' and vandalism are the most readily identified distributed DoS attack motivations."

Content providers have been familiar with distributed DoS attacks for years. What's so concerning now is how much more severe the attacks have become, says Tom Hughes, managing director of nonprofit hosting provider VirtualRoad.org. Hughes, who works with independent news sites in such countries as Iran and Burma, and has seen distributed DoS attacks launched by state-sponsored entities as a form of media censorship, says more media companies may be concerned about distributed DoS now simply because the attacks have become far more severe.

"The scale and the length of the attacks are growing exponentially," Hughes says. "It's growing at an incredibly rapid pace. What we would have considered to be a big attack a few years ago is now almost peanuts. The scaling up is going very quickly."

Years ago, common distributed DoS attacks would keep a website down for a few hours, in some cases "a day or two," Hughes says. Now, those attacks are bringing websites down for weeks at a time, including one case Hughes saw that put a website out of commission for 21 days.

"That's a hell of an attack," he added. "It goes on for a very long time, and 21 days would obviously kill any news media, in terms of operations."

However, contrary to what Wheaton has seen, Hughes says concern about distributed DoS does not necessarily translate into action.

"I'm not going to name any names, but I've come across a number of Western media outlets that are not prepared for this, and who basically admit as such," Hughes says.

He says many media companies recognize that they need to protect against distributed DoS attacks, but adds that "particularly at a time when advertising budgets are shrinking and so on and so forth, it's a difficult prioritization for them to make."

At the same time, politically motivated attacks may become more likely in the coming months leading up to the election, with the national spotlight on related events, such as the Republican and Democratic National Conventions beginning in late August.

"The Internet, what it fundamentally is, is a tool which empowers and can be used by those that are not in control of processes in a country," Hughes says. "And whether that be the Occupy movement, hacktivists, or 'Anonymous,' or whoever it is, they are using it as a type of tool to try and, in their view, level the playing field."

Though they've seen different trends to this point, Wheaton and Hughes agree that the standard website, be it for news coverage or campaign purposes, cannot protect itself from distributed DoS without some kind of assistance. The election only raises the stakes on those willing to risk it on their own.

"Those websites are really important when it comes to fundraising and communicating with their constituents and all those things," Wheaton says. "They have to be up 100% of the time and can't be down due to attacks by various protestors or organizers."

Colin Neagle covers emerging technologies, privacy and enterprise mobility for Network World. Follow him on Twitter https://twitter.com/#!/ntwrkwrldneagle and keep up with the Microsoft, Cisco and Open Source community blogs. Colin's email address is cneagle@nww.com.

Copyright 2017 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.